CISSP Practice Questions (601–620)

Question 601

An access control list (ACL) on a router is MOST similar to which type of firewall?
A. Stateful firewall
B. Packet filtering firewall
C. Application gateway firewall
D. Heuristic firewall

Question 602

While dealing with the consequences of a security incident, which security controls are MOST appropriate?
A. Detective and recovery controls
B. Corrective and recovery controls
C. Preventative and corrective controls
D. Recovery and proactive controls

Question 603

A cloud hosting provider wants to offer a freely distributable report relevant to its security program. Which SOC report BEST meets this requirement?
A. SOC 1
B. SOC 2 Type 1
C. SOC 2 Type 2
D. SOC 3

Question 604

Which of the following is TRUE for an organization using a third-party federated identity service?
A. The organization alone specifies how to authenticate other users
B. The organization defines internal user ID standards
C. The organization establishes a trust relationship with other organizations
D. The organization enforces rules on other organizations’ user provisioning

Question 605

Which of the following describes the BEST method of maintaining the inventory of software and hardware within the organization?
A. Asset owner interviews and open-source tools
B. Desktop configuration, administration, and procurement tools
C. On-premise storage configuration, cloud management, and partner tools
D. System configuration, network management, and license management tools

Question 606

Which outsourcing agreement provision has the HIGHEST priority from a security operations perspective?
A. Preventing subcontractor use
B. Contract renegotiation terms in disaster
C. Root cause analysis for performance issues
D. Escalation process for incident resolution

Question 607

Which of the following is the MOST comprehensive Business Continuity (BC) test?
A. Full interruption
B. Full simulation
C. Tabletop exercise
D. Full functional drill

Question 608

A security practitioner needs to implement a solution to verify endpoint security protections and operating system (OS) versions. Which of the following is the BEST solution to implement?
A. An intrusion prevention system (IPS)
B. Network Access Control (NAC)
C. Active Directory (AD) authentication
D. A firewall

Question 609

During an internal audit of an Information Security Management System (ISMS), nonconformities are identified. In which management stage are nonconformities reviewed, assessed, and corrected by the organization?
A. Assessment
B. Planning
C. Improvement
D. Operation

Question 610

When developing an external-facing web-based system, which of the following should be the MAIN focus of the security assessment prior to implementation and production?
A. Ensuring Secure Sockets Layer (SSL) certificates are signed by a certificate authority
B. Ensuring SSL certificates are internally signed
C. Assessing the Uniform Resource Locator (URL)
D. Ensuring that input validation is enforced

Question 611

A financial services organization hired a consultant to review security processes. During the review, gaps were found in the threat model. When should a threat model be revised?
A. After OS patches are applied
B. When a new developer joins the team
C. After modification to the firewall rule policy
D. When a new data repository is added

Question 612

The CISO requested a Service Organization Control (SOC) report outlining the security and availability of a system over a 12-month period. Which SOC report should be used?
A. SOC 1 Type 1
B. SOC 1 Type 2
C. SOC 2 Type 2
D. SOC 3 Type 1

Question 613

An organization implemented a VoIP system and assigned unique PIN codes to users. To secure the system from unauthorized phone usage, what is the BEST solution?
A. Have the administrator enforce a policy to change the PIN regularly. Implement call detail records (CDR) reports to track usage.
B. Have the administrator change the PIN regularly. Implement CDR reports to track usage.
C. Use phone locking software to enforce PIN changes and policies. Inform users to change their PIN regularly.
D. Implement CDR reports only to track usage.

Question 614

Which of the following protections is provided when using a VPN with Authentication Header (AH)?
A. Sender non-repudiation
B. Multi-factor authentication (MFA)
C. Payload encryption
D. Sender confidentiality

Question 615

A consultant performing a SOC 2 audit finds an API performing actions outside its defined purpose. Which trust service principle is MOST applicable?
A. Confidentiality
B. Processing Integrity
C. Security
D. Availability

Question 616

In which process MUST security be considered during the acquisition of new software?
A. Request for proposal (RFP)
B. Implementation
C. Vendor selection
D. Contract negotiation

Question 617

What is the MAIN difference between a network-based firewall and a host-based firewall?
A. Network-based firewalls are stateful, while host-based are stateless.
B. Network-based firewalls block intrusions; host-based block malware.
C. Network-based firewalls control traffic passing through the device, while host-based firewalls control traffic destined for the device.
D. Network-based firewalls verify traffic, while host-based verify processes and applications.

Question 618

Which of the following measures BEST protects data on devices when traveling to high-risk countries?
A. Review country laws and clean devices before travel.
B. Use SSL VPNs to download sensitive data at the destination.
C. Keep devices in hotel rooms when not in use.
D. Use MFA for access and biometric controls on devices.

Question 619

When network management is outsourced to third parties, which method is MOST effective for protecting critical data assets?
A. Confirm confidentiality agreements are signed.
B. Employ strong access controls.
C. Log all activities associated with sensitive systems.
D. Provide links to security policies.

Question 620

Which regulation dictates how data breaches are handled?
A. PCI-DSS
B. NIST
C. Sarbanes-Oxley (SOX)
D. General Data Protection Regulation (GDPR)